I started grepping .vscode/settings.json for terminal.integrated before opening any new repo. VS Code workspace settings being executable by default is quietly terrifying.
Panzerschrek 12 hours ago [-]
As I understand it, one doesn't need to have AI agents or something similar to be pwned. It's enough to clone a repository using git, since it allows executing arbitrary hooks for post-checkout.
Ferret7446 10 hours ago [-]
That's why cloning a git repo doesn't copy any hooks.
There are software/devs that make sane security choices, and then there's the ones that don't (usually the younger/more modern ones)
embedding-shape 1 days ago [-]
Is this why Windows Defender is prompting me 2-3 times a day to submit my codex/config.toml to Microsoft for "malware analysis"? I've said no every time so far, since my first thought is "What could even be hidden there?" when I see the dialog yet again. I'm guessing Microsoft would love to see how people use their competitors' products though.
lstodd 1 days ago [-]
You might as well click yes, since it's all been uploaded as telemetry anyways.
IcyWindows 1 days ago [-]
Citation needed
giancarlostoro 1 days ago [-]
Hell, I've seen things that shouldn't be up there just scooped up by Microsoft. I had to opt out because it was just showing my PII lookups in my Microsoft account's search history.
The final straw for me was when I saw that Microsoft Defender by default could send files to their servers for inspection, and I couldn't see what was sent previously, nor was this an opt-in option, it was on by default. I have anything from PII to highly proprietary things on my computer, I don't need them being "flagged" by Microsoft for arbitrary reasons. I have been on Linux full time for the last few years since.
hadlock 21 hours ago [-]
This is MS Word Macros all over again
Tangurena2 1 days ago [-]
I've heard about these attacks but never really had the time to understand what was happening. Some of our junior devs use VS Code, so now we have something to point them at.
ashishb 1 days ago [-]
I have been targeted with this attack in the wild where '.vscode/tasks.json' had the auto-run code.
I smelled something fishy and never ran it though.
VS Code will helpfully warn you when you open a folder that has a git repository. It asks if you trust the developers since opening the folder could result in bad things happening. So this might not be such a big deal for VS Code users.
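The pre-open check mentioned in the comments above (looking in `.vscode/settings.json` for `terminal.integrated` and in `.vscode/tasks.json` for auto-run code), as an added example that is not from any commenter. It goes a little further and also flags npm lifecycle scripts in `package.json`; the function names and the sample repository are constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

NPM_AUTO = {"preinstall", "install", "postinstall", "prepare"}  # run by `npm install`
_STR = r'("(?:\\.|[^"\\])*")'  # a JSON string literal, kept intact by both passes

def load_jsonc(path):
    """Parse VS Code style JSON: drop comments and trailing commas first."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    keep = lambda m: m.group(1) or ""
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/", keep, text, flags=re.S)
    data = json.loads(re.sub(_STR + r"|,(?=\s*[}\]])", keep, text))
    return data if isinstance(data, dict) else {}

def audit_repo(root):
    """Return (file, reason) findings for configs that can start a command."""
    root, findings = Path(root), []
    def read(rel):
        try:
            return load_jsonc(root / rel) if (root / rel).is_file() else {}
        except ValueError:  # json.JSONDecodeError is a ValueError
            findings.append((rel, "unparseable, review by hand"))
            return {}
    tasks = read(".vscode/tasks.json").get("tasks")
    for task in tasks if isinstance(tasks, list) else []:
        opts = task.get("runOptions") if isinstance(task, dict) else None
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            findings.append((".vscode/tasks.json", f"runs on folder open: {task.get('command')!r}"))
    for key in read(".vscode/settings.json"):
        if key.startswith("terminal.integrated."):
            findings.append((".vscode/settings.json", f"terminal setting: {key}"))
    scripts = read("package.json").get("scripts")
    for name in sorted(NPM_AUTO & set(scripts if isinstance(scripts, dict) else ())):
        findings.append(("package.json", f"npm lifecycle script: {name}"))
    return findings

def make_sample(root):  # constructed sample repo; commands are harmless echoes
    (vs := Path(root, ".vscode")).mkdir(parents=True)
    (vs / "tasks.json").write_text('''{
  // constructed sample
  "tasks": [{"command": "echo sample", "runOptions": {"runOn": "folderOpen"}},],
}''')
    (vs / "settings.json").write_text('{"editor.tabSize": 2, "terminal.integrated.env.linux": {}}')
    Path(root, "package.json").write_text('{"scripts": {"test": "echo t", "postinstall": "echo sample"}}')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(*audit_repo(tmp), sep="\n")
```

Run `audit_repo()` on a fresh clone before opening it in the editor or running `npm install`; an empty list only means none of these three files carries one of the checked triggers.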
acdha 1 days ago [-]
I think that assumption is very dangerous: if your editor only prompts when you first open the project, it won’t help when that project is compromised later or if you checkout a merge request from someone untrustworthy/compromised and are mentally thinking “my project is safe” even though you’re a single gh/glab command away from that directory having anything an outside party wants.
ceejayoz 1 days ago [-]
You know they're just gonna click yes, right?
That prompt is just there so they can say "your fault!"
ktm5j 1 days ago [-]
Well, in that case it totally is their fault...
MeetingsBrowser 1 days ago [-]
Only juniors are using VSCode? What are others using?
stronglikedan 1 days ago [-]
prob Cursor (also affected). at least that's preferred in my org
vikramkr 1 days ago [-]
Point them at for what?
bpt3 1 days ago [-]
It's far from a blindspot. People have been yelling about this from the rooftops for the last several years.
No one cares about security. People used to care for a fairly short period of time after something bad happened to them, but even that seems to have gone by the wayside as breaches, leaks, and use of exploited code have become normalized.
mikepurvis 1 days ago [-]
It's always been a discussion in packaging, around build/install/configure time, think like setup.py, Debian's postinst, etc.
The rise of editors that will own your system just by browsing to the wrong folder without opening or running anything is relatively speaking newer, but I think most people in HN audience should be able to intuit some of the risks, especially when untrusted PRs and semi-trusted LLM bots are in the mix with your "trusted" codebase.
pixl97 1 days ago [-]
>but I think most people in HN audience should be able to intuit some of the risks
Only a small subset of the world's programmers are on HN, and one might assume they are more security aware than those that are not. Which means there's a shit load of people opening stuff they shouldn't be.
bpt3 1 days ago [-]
> The rise of editors that will own your system just by browsing to the wrong folder without opening or running anything is relatively speaking newer, but I think most people in HN audience should be able to intuit some of the risks, especially when untrusted PRs and semi-trusted LLM bots are in the mix with your "trusted" codebase.
This is kind of my point. People are doing things that are objectively stupid from a security perspective on a daily basis, and actively rejecting the idea of protecting themselves because they keep doing it after either identifying some risk themselves, being told about it directly, or being told about how others were negatively impacted by the same actions.
And in my opinion, the benefits they get from these changes to their dev environment are negligible, and that's not even getting into how every file is potentially executable code to an LLM.
zer00eyz 1 days ago [-]
> No one cares about security.
Not true, the C suite cares a LOT about security.
You need that human shield, that person to blame when it does go wrong...
tuwtuwtuwtuw 24 hours ago [-]
Okay, so can I configure VS Code to never run commands in config files?
hulitu 1 days ago [-]
> VS Code, Cursor, Claude Code, Gemini CLI, npm, Composer, and Bundler all support config files that can carry a shell command.
I think they, and the CIA, call it a feature. Just like messenger apps which try to "execute" every "image file" or link thrown at them.
https://support.microsoft.com/en-us/windows/windows-search-a...
https://news.ycombinator.com/item?id=48127469